In Texas You Must Have A PI License To Examine Computer Data
- 4
- Add a Comment
Now this is strange. According to a Texas law passed in 2007, anyone who repairs a computer in which they access personal data on the system, must have a private investigators license. In general the law states the following according the article at The Daily Texan:
According to the law passed in the 2007 Texas legislative session, the private investigator’s license is required for repair technicians to analyze their customers’ computer data. This analysis is common for business managers who wish to track their employees’ computer usage or families who want to find out where their children or spouses have been online, said Matt Miller, executive director of the institute.
To obtain a private investigator’s license, computer repair shop owners would have to close their businesses for up to three years to either earn a criminal justice degree or complete an apprenticeship under a licensed private investigator, Miller said.
So if a tech repairs a PC and views data that the government believes is private, than the tech may be convicted of a crime.
Which brings up a situation like trying to remove a virus. If the tech viewed personal data to remove the critter it could be construed as an invasion subject to the law. This is going to make a tech’s life interesting when it comes to repairing systems in which the owner wants to know if any user may have caused the infection.
What do you think? Is this law needed or is it extreme in nature?
Comments welcome.
4 Comments
exneo
July 1st, 2008
at 10:08am
this is just a case of ignorant state reps but sure is it funny when old people make laws about modern technology!
leftystrat
July 1st, 2008
at 3:11pm
I read `to analyze their customers’ data’ literally. If you’re not analyzing the data, you’re ok. It would be criminally insane to have such an onerous requirement for hard drive installers or software installers, wouldn’t it?
Ryan
July 1st, 2008
at 10:44pm
Use UNIX/Linux/OS X and don’t give anyone else sudo or su access?
They can’t do anything to alter files they don’t own, and anything they do try is caught by syslogd (System Log Daemon)
And if they do manage to install, what, like all of 1 or 2 viruses in the world the system may be vulnerable to, the worst they can do is hose their account, it won’t ever spill over into the system or any other user’s files.
This is called Discretionary Access Control, Windows has aspects of it, but it is not well implemented.
Depending on what Linux or UNIX system you use, there can also be Mandatory Access Control and Mandatory Integrity Control (SELinux or AppArmor are a couple easy examples), that make sure that every system service is running with the bare minimum system access needed to do it’s job, then there’s Address Space Layout Randomization, which loads vital data and libraries in random places in memory.
Then there’s the No Execute bit that Windows supports (If you flip on PAE and watch your programs and drivers possibly die a slow, painful death), No Execute marks areas in RAM where data should not be executed, meaning most unchecked buffers can’t be exploited.
Needless to say, this would stop all but the very very best crackers, worms, and viruses that could possibly be engineered.
The user is still a target, but a system administrator that judiciously hands out the family jewels (su/sudo) should be covered in most any event.
I remember watching the introduction to Windows Me commercial where this toddler was banging on the keyboard with a toy hammer and ruined some system settings, of course they were trying to make a 3 second use case for System Restore (which is it’s own kerfluffle), but what they really pointed out is “Yes, Windows IS this easy to screw over!”
Denny
July 2nd, 2008
at 8:46am
Don’t . Give . California . Any . NEW IDEAS RON .
****